Hackers in MediaWorks data breach blackmail victims for Bitcoin

Hackers connected to the MediaWorks data breach are blackmailing victims by threatening to publicly release their private information if they do not comply.

The hackers are offering the information for sale on the dark web, saying it has citizens' names, addresses, mobile numbers, email addresses and other private information.

MediaWorks said it became aware of the claims on Friday, which relate to data from website competition entries.

"Last night, all current competition entries were moved to a new secure database," it said.

"MediaWorks takes data security seriously and our technology team is investigating this potential incident with the support of external experts."

One person, who wishes to remain anonymous, sent Newshub an email they had received from the hackers on Thursday night. They said the email was sent to almost 100 other victims' email addresses.

"Attention! Your data has been leaked!" the subject line read.

"We attempted to negotiate with MediaWorks by offering a very low price to have them secure the data, but unfortunately, they displayed a disappointing lack of concern and refused. Their dismissive attitude, treating the data as valueless, has led us to consider releasing it publicly."

The hackers went on to demand a ransom of US$500 (roughly NZ$820).

"To protect yourself from potential harm, we are offering a one-time opportunity to have your data removed for a fee of $500 USD in Bitcoin (BTC). This fee helps us cover the costs associated with recovering and deleting your data," they said.

"Time is critical. We may release the data at any moment, so we urge you to act swiftly if you wish to remove your information."

MediaWorks said in an update on Tuesday it is continuing to investigate which parts of the database may have been accessed by an unauthorised party and how this occurred. 

"Our initial assessment indicates the number of unique users in the database is significantly lower than reported," a spokesperson said.

The hacker claimed the personal information of 2.5 million New Zealanders had been compromised; however, MediaWorks said its initial assessment indicated the number of unique users in the database is significantly lower than reported.

"MediaWorks is sorry for the concern this is causing, particularly to those who have entered our competitions. We are in contact with the appropriate authorities and will communicate directly with affected parties once we have completed our review," it said.

"At this time we would ask Kiwis to be extra vigilant for phishing scams by phone, text or email. Cert NZ recommends whenever you follow a link to a screen that's asking you to log in or enter personal details, you check the domain name in the browser address bar matches the company you expect before you enter any information. Cert NZ also advises against engaging with threat actors or paying ransom for the return of data."

MediaWorks added it is aware some individuals may have had direct approaches from the hacker and urged anyone with concerns to get in touch with its privacy office at privacy@mediaworks.co.nz.